From 4c8d86eac971f52739b8639942ec5dd5b8d1e228 Mon Sep 17 00:00:00 2001
From: "cycode-security[bot]" <54410473+cycode-security[bot]@users.noreply.github.com>
Date: Thu, 5 Sep 2024 17:52:24 +0000
Subject: [PATCH] [Cycode] Fix for SAST detections - Unsanitized user input in OS command
---
 vulnerabilities/exec/source/medium.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/vulnerabilities/exec/source/medium.php b/vulnerabilities/exec/source/medium.php
index 34f03367c..2afbb85bb 100644
--- a/vulnerabilities/exec/source/medium.php
+++ b/vulnerabilities/exec/source/medium.php
@@ -15,12 +15,12 @@
 // Determine OS and execute the ping command.
 if( stristr( php_uname( 's' ), 'Windows NT' ) ) {
- // Windows
- $cmd = shell_exec( 'ping ' . $target );
+// Windows
+ $cmd = shell_exec( 'ping ' . escapeshellarg($target) );
 }
 else {
 // *nix
- $cmd = shell_exec( 'ping -c 4 ' . $target );
+ $cmd = shell_exec( 'ping -c 4 ' . escapeshellarg($target) );
 }
 // Feedback for the end user